Original challenge

Linked lists are great! They let you chain pieces of data together.

nc pwn.chal.csaw.io 9005

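Link: https://ctftime.org/task/6644

Attachment: (it is the image below that fails to open; download the file and rename it to shellpointcode)

Writeup

First, look at the file's basic information: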

$ file shellpointcode
shellpointcode: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=214cfc4f959e86fe8500f593e60ff2a33b3057ee, not stripped

It is a 64-bit, dynamically linked Linux binary whose symbol information has not been removed (not stripped).

Next, check the binary's security mitigations:

$ checksec shellpointcode
Arch: amd64-64-little
RELRO: Full RELRO
Stack: No canary found
NX: NX disabled
PIE: PIE enabled
RWX: Has RWX segments

The binary has PIE enabled, but the stack has no canary and is executable.
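The PIE, NX and RWX lines of that checksec output can be derived from the ELF file header and program headers alone. The following is an added example, not part of the original writeup and not checksec's own code: `mitigations` and `build_sample` are hypothetical names, the sample image is constructed rather than taken from the challenge binary, and treating a missing PT_GNU_STACK header as an executable stack is a conservative assumption of this example.

```python
import struct

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # ELF64 file header, little-endian (64 bytes)
PHDR = struct.Struct("<IIQQQQQQ")          # ELF64 program header (56 bytes)
ET_DYN, PT_LOAD, PT_GNU_STACK = 3, 1, 0x6474E551
PF_X, PF_W, PF_R = 1, 2, 4

def mitigations(image: bytes) -> dict:
    """Report PIE / NX / RWX for a little-endian ELF64 image (hypothetical helper)."""
    if len(image) < EHDR.size or image[:4] != b"\x7fELF" or image[4] != 2 or image[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    (_, e_type, _, _, _, e_phoff, _, _, _,
     e_phentsize, e_phnum, _, _, _) = EHDR.unpack_from(image)
    if e_phnum and (e_phentsize < PHDR.size or e_phoff + e_phnum * e_phentsize > len(image)):
        raise ValueError("program header table is truncated")
    # Keep only (p_type, p_flags) of every program header.
    segments = [PHDR.unpack_from(image, e_phoff + i * e_phentsize)[:2] for i in range(e_phnum)]
    stack_flags = [flags for p_type, flags in segments if p_type == PT_GNU_STACK]
    return {
        # ET_DYN is also the type of shared libraries; for a main executable it means PIE.
        "pie": e_type == ET_DYN,
        # Assumption: no PT_GNU_STACK header is reported as "NX off" (conservative).
        "nx": bool(stack_flags) and not (stack_flags[0] & PF_X),
        # Any segment that is readable, writable and executable at once.
        "rwx": any(flags & 7 == 7 for _, flags in segments),
    }

def build_sample(e_type: int, stack_flags: int) -> bytes:
    """Constructed header-only ELF64 image: one R+X PT_LOAD and one PT_GNU_STACK."""
    ident = b"\x7fELF\x02\x01\x01" + bytes(9)
    ehdr = EHDR.pack(ident, e_type, 0x3E, 1, 0, EHDR.size, 0, 0,
                     EHDR.size, PHDR.size, 2, 0, 0, 0)
    load = PHDR.pack(PT_LOAD, PF_R | PF_X, 0, 0, 0, 0x1000, 0x1000, 0x1000)
    stack = PHDR.pack(PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 0x10)
    return ehdr + load + stack

if __name__ == "__main__":
    # Same profile as the checksec output above: PIE on, NX off, RWX segment present.
    print(mitigations(build_sample(ET_DYN, PF_R | PF_W | PF_X)))
    # The same layout with a non-executable stack, for comparison.
    print(mitigations(build_sample(ET_DYN, PF_R | PF_W)))
```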

Run the program to get a feel for it:

$ ./shellpointcode
Linked lists are great!
They let you chain pieces of data together.
(15 bytes) Text for node 1:
AAAA
(15 bytes) Text for node 2:
BBBB
node1:
node.next: 0x7fff265da260
node.buffer: AAAA
What are your initials?
CCCC
Thanks CCCC
Segmentation fault

Disassembly
